Tabs HIJACKED!

Discussion of bugs in Mozilla Firefox
User avatar
msjayhawk
Posts: 28
Joined: March 25th, 2004, 10:47 am

Tabs HIJACKED!

Post by msjayhawk »

How in the world is it possible for one to navigate to a page, with seven or eight tabs open, and the front most go to a malicious site, AND THEN, the next tab back starts rolling to a hijack site, then another 2 deep, and then one three deep!!

This is a real problem. I don't care if it comes from all of your typical sleaze sites, porn, gambling, korean sales sites, etc.

I want to know how this is possible. It shakes my confidence in Firefox....

Second, how do you prevent the pop up that says "are you sure you want to leave the site", and you click the appropriate button, and all it does is open a new site in a new tab with the same stupid exit 'statement'. I have to close down firefox and then restart and close the tabs before they load...

Greatly appreciated. If this stuff is happening in small locations, soon people will be using it all over firefox :oops:
KWierso
Posts: 8829
Joined: May 7th, 2006, 10:29 pm
Location: California

Re: Tabs HIJACKED!

Post by KWierso »

Got some links to where this is happening? I've never seen anything like this.

Sounds more like the system is infected with some malware.
User avatar
msjayhawk
Posts: 28
Joined: March 25th, 2004, 10:47 am

Re: Tabs HIJACKED!

Post by msjayhawk »

KWierso wrote:Got some links to where this is happening? I've never seen anything like this.

Sounds more like the system is infected with some malware.
Trust me, not the system. I have had it happen 5 or 6 times since xmas. Probably 4 times in the last two months. Plus in Feb I put an new hard drive in and redid my MacBook Pro. I did not use time machine. New system

This is real. I am just asking how it happens. If you don't know now, I can't imagine what will happen when the mainstream gets it. Probably generated by the MS/IE crowd...
User avatar
msjayhawk
Posts: 28
Joined: March 25th, 2004, 10:47 am

Re: Tabs HIJACKED!

Post by msjayhawk »

The problem is, when you get attacked and start seeing you back tabs start rolling, you get out as fast as you can and shut it off. I can see by your platform that you don't know what it truly feels like to be hijacked since you are accustomed to weird results of clicks. I don't mean that badly, I just mean from someone that has XP Pro at work and Mac at home. We are just not as script ready on mac. But this happens on MAC and WINDOWS.

As long as you ignore the fact that this is hijackable, the longer it is going to take to recover when it is prevalent...
KWierso
Posts: 8829
Joined: May 7th, 2006, 10:29 pm
Location: California

Re: Tabs HIJACKED!

Post by KWierso »

Until you can show me where you're getting "hijacked", I can't do anything about it, as I've never seen it happen.
User avatar
msjayhawk
Posts: 28
Joined: March 25th, 2004, 10:47 am

Re: Tabs HIJACKED!

Post by msjayhawk »

Well, until you feel like willing searching for sites that do it, I don't know what to tell you. If you like looking for sites that you have to 'crash' out of and erase history before you can get back on the net. All I do know is it "is doable" and being done. Feel free to ignore my warning, but people are already talking about it in chat rooms...

Feel free to wait for it, or try to figure it out in a group forum.

I would feel free to talk to you on the phone, and give you my contact info. This is NO hoax, and I am not stupid when it comes to browsers.

I would be glad to talk about it, but basically it is "You go to an attack site, and it starts rolling through and resetting your back tabs to pop ups of it's choice'
User avatar
dfoulkes
Posts: 22525
Joined: June 28th, 2008, 10:31 pm
Location: Mesquite, Nevada

Re: Tabs HIJACKED!

Post by dfoulkes »

It sounds like you think that this site is Mozilla.... it isn't... we are just users helping users figure stuff out.
http://www.mozillazine.org/about/

You've basically stated that "something" is doing "stuff" to you comp. that you don't like but you have not given a single bit of info where people here could lend a hand.
This is a real problem. I don't care if it comes from all of your typical sleaze sites, porn, gambling, korean sales sites, etc.
I want to know how this is possible. It shakes my confidence in Firefox....

RE: The red above... you had better care because that's where all the crap lives and is waiting to invade your computer. I hope that you have proper security software residing on your comp... even Macs can get invaded.... and it could happen to any and all browsers if the user clicks on stuff in a bad-site.
As you can see she's (The CAT) always alert and on the prowl for Meoware !!
User avatar
Gingerbread Man
Posts: 7735
Joined: January 30th, 2007, 10:55 am

Re: Tabs HIJACKED!

Post by Gingerbread Man »

msjayhawk wrote:Well, until you feel like willing searching for sites that do it, I don't know what to tell you.

Seriously? "Go look for random malicious sites on the Internet, I'm sure eventually you'll hit one similar to the ones I did", that's your answer? To put it politely, you're being unreasonable. If you won't post a link where the problem occurs, then no one can say if it's a bug in Firefox that should be fixed.

The developers are aware of malicious sites and do work to improve Firefox in that regard. For example, in Firefox 4.0 dialogs triggered by websites are no longer modal windows, allowing users to navigate away from the page or close the tab without being forced to answer a prompt.
User avatar
msjayhawk
Posts: 28
Joined: March 25th, 2004, 10:47 am

Re: Tabs HIJACKED!

Post by msjayhawk »

Hey, I am a mechanical engineer and fix problems all of the time, when I hear about them. I don't have the time to sit around and fix firefox problems. Sometimes I would love to, with all of the hassles.

I found one tonight. It does not show up as the same website, but in between clicks on it, I got the IP (213.174.154.21

It does not show up on history, which is weird in itself.

inetnum: 213.174.154.0 - 213.174.154.63
netname: ADVANCEDHOSTERS-NET
descr: Advanced Hosters
country: US
admin-c: AH36-RIPE
tech-c: AH36-RIPE
status: ASSIGNED PA
remarks: INFRA-AW
remarks: Send abuse reports to abuse@advancedhosters.com
mnt-by: ADVANCEDHOSTERS-MNT
mnt-lower: ADVANCEDHOSTERS-MNT
mnt-routes: ADVANCEDHOSTERS-MNT
source: RIPE # Filtered

role: ADVANCEDHOSTERS LIMITED
address: 27 OLD GLOUCESTER STREET
address: LONDON, CV1 2FL, United Kingdom
org: ORG-AH11-RIPE
abuse-mailbox: abuse@advancedhosters.com
admin-c: OAVO1-RIPE
tech-c: OAVO1-RIPE
nic-hdl: AH36-RIPE
mnt-by: ADVANCEDHOSTERS-MNT
source: RIPE # Filtered
User avatar
msjayhawk
Posts: 28
Joined: March 25th, 2004, 10:47 am

Re: Tabs HIJACKED!

Post by msjayhawk »

This is not the IP of the website that shows up either. If you go to the website listed in the address, it has a different IP.
User avatar
msjayhawk
Posts: 28
Joined: March 25th, 2004, 10:47 am

Re: Tabs HIJACKED!

Post by msjayhawk »

Here is the IP from a history tracker I was running!

Code: Select all

http://213.174.154.21/v/cl.php?r=1&slid=pJ%252Bppp6Vp5ala69jMDKlpfWll5Wn4aRjY2UwMaal9aWXk%252B6W8GSvY3wy79%252Fa38rQ4dvnYZaibXzb4
O3jn5Kh2NWfmKBvduaa3OLSku7S46ebmHJz59Xt5pPG4dLwlHuFMGO32%252B%252B%252Fl5Toybubn5ZuTqPN0cXfr9%252Bz6pWGaz0%253D


possibly bad news -ln
User avatar
dfoulkes
Posts: 22525
Joined: June 28th, 2008, 10:31 pm
Location: Mesquite, Nevada

Re: Tabs HIJACKED!

Post by dfoulkes »

You might want do install these...the two top ones are the best...
The below is quoted from a Moderator of this board.
Daifne wrote:Install and run these free programs.
Malwarebytes' Anti-Malware
SuperAntispyware
AdAware
Spybot Search & Destroy

If these don't find it or can't clear it, post in one of these forums for specialized malware removal help:
http://www.spywarewarrior.com/index.php
http://forum.aumha.org/
http://www.spywareinfoforum.com/
http://www.bleepingcomputer.com/forums/forum79.html
As you can see she's (The CAT) always alert and on the prowl for Meoware !!
User avatar
msjayhawk
Posts: 28
Joined: March 25th, 2004, 10:47 am

Re: Tabs HIJACKED!

Post by msjayhawk »

Like I said, it is not running anything aside from FIREFOX. There is no notice of trying to install software, which I see all of the time on other hacks. I have spyware and full antivirus, all up to date.

This is a redirect that stems from the IP ADDRESS listed above. It some how uses fire fox to change tabs behind the one you are in.

I have seen hacked windows machines that send you to their sites only and such. I know what those are, idiots at work on Windows boxes get them all of the time.

I think this is from some company that has found a way to redirect tabs in fire fox and charge clients for their services.

There is no long term effect on fire fox, the only thing is that the tabs that were altered cannot be gone 'back' in. You just have to close them out. Then you can surf for months and never be redirected again.
User avatar
msjayhawk
Posts: 28
Joined: March 25th, 2004, 10:47 am

Re: Tabs HIJACKED!

Post by msjayhawk »

Here is more info on the IP ADDRESS:

The compilation, repackaging, dissemination or
other use of this Data is expressly
prohibited without the prior written consent
of Moniker.

Domain Name: SLY-HOSTING.COM
Registrar: MONIKER

Registrant [1963550]:
Moniker Privacy Services SLY-HOSTING.COM@domainservice.com
Moniker Privacy Services
20 SW 27th Ave.
Suite 201
Pompano Beach
FL
33069
US


Administrative Contact [1963550]:
Moniker Privacy Services SLY-HOSTING.COM@domainservice.com
Moniker Privacy Services
20 SW 27th Ave.
Suite 201
Pompano Beach
FL
33069
US
Phone: +1.9549848445
Fax: +1.9549699155


Billing Contact [1963550]:
Moniker Privacy Services SLY-HOSTING.COM@domainservice.com
Moniker Privacy Services
20 SW 27th Ave.
Suite 201
Pompano Beach
FL
33069
US
Phone: +1.9549848445
Fax: +1.9549699155


Technical Contact [1963550]:
Moniker Privacy Services SLY-HOSTING.COM@domainservice.com
Moniker Privacy Services
20 SW 27th Ave.
Suite 201
Pompano Beach
FL
33069
US
Phone: +1.9549848445
Fax: +1.9549699155


Domain servers in listed order:

ns5.public-ns.com
ns6.public-ns.com

Record created on: 2009-07-14 01:48:39.0
Database last updated on: 2010-07-05 06:27:57.663
Domain Expires on: 2011-07-14 01:48:40.0



e.g. 209.62.45.34 IPv4/IPv6 format for an IP Address, or maxmind.com for a website

Compare to another IP
IP Address: 213.174.154.21
IP Address Country: United States (US)
IP Address Region: VA Virginia
IP Address City: Ashburn
IP Postal Code
IP Address Area Code 703
IP Metro Code 511
IP Address Latitude: 39.0164985657
IP Address Longitude: -77.5062026978
IP Address ISP: Haldex
Organisation: Haldex
User avatar
msjayhawk
Posts: 28
Joined: March 25th, 2004, 10:47 am

Re: Tabs HIJACKED!

Post by msjayhawk »

Alternate Info:

Domain: sly-hosting.com
Global ranking: 287896 (Alexa, toplist global)
Ranking within .COM: 163377 (Alexa, toplist .COM)
Tags: sly-hosting
Hosting location: Kiev, Ukraine
Hosting network: Advancedhosters limited (AS39572)
Top websites on the Advancedhosters limited network
Launch date (first date with traffic): 2009-10-26 (Monday)
Sites launched on 2009-10-26
URL: http://www.sly-hosting.com/
IP-address: 213.174.154.21 Ukraine
Information last updated: 2011-04-21
Post Reply